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DECISION ON APPEAL 

This is a decision on appeal under 35 U.S.C. § 134 of the final 
rejection of claims 1 through 10, 13 through 25, 28 through 38, 40 through 
47, and 49 through 55. We affirm in part. 
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INVENTION 



The invention is directed to a system for passively screening data in a 
data stream at a network boundary. See page 4 of Appellants' Specification. 
Claim 1 is representative of the invention and reproduced below: 

1 . A system for providing passive screening of transient messages in 
a distributed computing environment comprising: 

a network interface passively monitoring a transient packet stream at a 
network boundary comprising receiving incoming datagrams 
structured in compliance with a network protocol layer; 

a packet receiver reassembling one or more of the incoming 
datagrams into a segment structured in compliance with a transport 
protocol layer; 

an antivirus scanner scanning contents of the reassembled segment for 
a presence of at least one of a computer virus and malware to identify 
infected message contents; and 

a protocol-specific module processing each reassembled datagram 
based on the transport protocol layer employed by the reassembled 
datagram. 
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US 6,275,937 Bl 
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Aug. 14, 2001 
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(filed Aug. 29, 2000) 

Jan. 27, 2004 
(filed Dec. 30, 1999) 

Aug. 31,2004 
(filed Sep. 11,2000) 



Epstein 



US 6,684,329 Bl 
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W. Richard Stevens, TCP/IP Illustrated, Volume 1, The Protocols, 
Addison- Wesley, 6-11 (1994) 

OSI Model, Wikipedia, http://en.wikipedia,org/wiki/OSI_model (last 
visited Jun. 1,2006). 

REJECTIONS AT ISSUE 
Claims 32 through 38, 40 through 47, and 49 through 54 stand 
rejected under 35 U.S.C. § 1 12, first paragraph, as failing to meet the written 
description requirement.' The Examiner's rejection is set forth on pages 3 
and 4 of the Answer. 

Claims 1 through 10, 13 through 14, 16 through 25, 28, 29, 31, and 55 
stand rejected under 35 U.S.C. § 102(e) as being anticipated by Maher. The 
Examiner's rejection is set forth on pages 5 through 8 of the Answer. 

Claims 32 through 35, 38, 41 through 44, 47, and 50 through 52 stand 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Maher in view 
of Stevens. The Examiner's rejection is on pages 8 through 12 of the 
Answer. 



* We note the final rejection also contains an objection to the Specification 
which corresponds to the rejection under 35 U.S.C. § 1 12, first paragraph. 
Appellants have presented arguments directed to this objection (Br. 9). The 
Examiner does not address the merits of these arguments but states that they 
relate to a petitionable matter not an appealable matter (Answer 14). Where 
objections contain the same issues as rejections before us, we will consider 
the merits of the objection. In this case, the objection to the Specification 
goes part and parcel with the rejection under 35 U.S.C. § 1 12, first 
paragraph; therefore, we consider the rejection of the claims under 35 U.S.C. 
§112, first paragraph, and the objection to the Specification as one issue. 
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Claims 15, 30, 40, and 49 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Maher in view of Hailpem. The Examiner's 
rejection is on pages 12 and 13 of the Answer. 

Claims 36, 37, 45, and 46 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Maher in view of Bates. The Examiner's rejection 
is on page 13 of the Answer. 

Claims 53 and 54 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Maher in view of Epstein. The Examiner's rejection is on 
pages 13 and 14 of the Answer. 

Throughout the opinion, we make reference to the Brief and Reply 
Brief (filed Apr. 3, 2006 and Aug. 16, 2006 respectively), and the Answer 
(mailed Jun. 16, 2006) for the respective details thereof. 

ISSUES 

Appellants contend that the Examiner's rejection based 35 U.S.C. 
§ 1 12, first paragraph, is in error. Specifically, Appellants argue that the 
Examiner's interpretation of independent claims 32 and 41 is in error, and 
that the claims do not necessarily require that each separate module process 
each datagram. The Appellants point to page 7, line 29 through page 8, line 
5 of the Specification to provide support for the limitations of claims 32 and 
41. Further, with respect to claims 53 and 54, Appellants also point to the 
same passage of the Specification to provide support for the scanning 
submodules. (Br. 10.) 

Appellants contend that the Examiner's rejections based upon the 
patent to Maher are in error. Specifically, Appellants argue that Maher does 
not teach passive screening as recited in the independent claims. (Br. 1 1, 
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12.) Further, Appellants argue that Maher does not teach or make obvious 
the step of receiving copies of datagrams into an incoming packet queue as 
recited in independent claims 32 and 41 . (Br. 1 8.) 

The Examiner contends that the rejection based 35 U.S.C. § 1 12, first 
paragraph, is proper. The Examiner states that independent claims 32 and 
41 clearly recite that each of a plurality of modules process each datagram 
and that the passage of the originally filed Specification cited by Appellants 
does support such a feature. (Answer 15.) Further, with respect to claims 53 
and 54, the Examiner states that the Specification discusses each submodule 
retrieving a packet for scanning, but does not teach that the submodule 
performs the scanning as claimed. 

The Examiner contends that the rejections based upon Maher are 
proper. The Examiner states that the term "passive" is not defined in 
Appellants' Specification. To define the term "passive," the Examiner cites 
a dictionary definition of "receiving or subjected to an action without 
responding or initiating an action in retum." (Answer 16.) Applying this 
definition, the Examiner finds that Maher' s device is passive "because it 
does not respond to the data that is received." (Answer 17.) Additionally, 
the Examiner states that when data is transmitted, the receiving end does not 
receive a physical object but instead receives signals which are interpreted to 
recreate the data. As such, the Examiner reasons that the signals received by 



^ We note that Appellants have presented further arguments for the rejection 
based upon 35 U.S.C. § 102(e) and each of the different rejections based 
upon 35 U.S.C. § 103(a). However, for the reasons stated infra, the issues 
these contentions raise are dispositive of all of the rejections before us. 
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Maher's device are used to recreate the data and that as such the recreated 
data is a copy of the data. 

The Appellants' contention presents us with several issues: 1) whether 
the limitation in claims 32 and 41 of "wherein each of a plurality of 
protocol-specific modules process each reassembled datagram based on an 
upper protocol layer employed by the reassembled datagram" is supported 
by Appellants' disclosure, 2) whether the limitation in claim 53 of "protocol- 
specific scanning submodules, each protocol-specific scanning submodule 
designated for scanning network protocol packets of a particular protocol" is 
supported by Appellants' disclosure, 3) whether Maher teaches "a network 
interface passively monitoring a transient packet stream at a network 
boundary" as recited in independent claims 1 and 16, and 4) whether Maher 
teaches "a network interface receiving copies of datagrams transiting a 
boundary of a network domain into an incoming packet queue, each 
datagram being copied from a packet stream," as recited in independent 
claims 32 and 41. 

FINDINGS OF FACT 

Facts related to rejection based 35 U.S.C. § 112, first paragraph: 

Appellants' originally filed Specification, discussing figure 3, states 

on page 7, line 29 through page 8, line 12: 

The antivirus scanner 32 includes a plurality of protocol- 
specific scanning submodules 35-38, including submodules for the 
Hypertext Protocol (HTTP), File Transfer Protocol (FTP), Simple 
Mail Transport Protocol (SMTP), and Network News Transport 
Protocol (NNTP), although other upper layer network protocols could 
also be implemented, as would be recognized by one skilled in the art. 

Through each protocol-specific submodule 35-38, the antivirus 
scanner 32 retrieves each re-assembled packet from the appropriate 
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protocol-specific queue 41 for scanning using standard antivirus 
techniques, as are known in the art. Upon detecting the presence of an 
infected message, the antivirus scanner 32 logs the occurrence in a log 
47. In addition, the antivirus scanner 32 can optionally generate a 
warning 46 to the network administrator or other appropriate user. As 
well, the antivirus scanner 32 can optionally '*spoof' the origin server 
by sending a legitimate packet in place of the infected packet. The 
legitimate packet is placed as an outgoing packet 49 in the outgoing 
packet queue 48 for sending over the intemetwork via the network 
interface 34. 

We find that this passage demonstrates that at the time of the 
invention Appellants had possession of the concept of an antivirus scanner 
which contains several submodules. Each of these protocol-specific 
submodules retrieves packets from a protocol-specific queue, i.e. the FTP 
submodule retrieves packets fi-om the FTP queue. The passage does not 
discuss a protocol-specific submodule retrieving a packet from a different 
protocol-specific queue, i.e. there is no disclosure of the FTP submodule 
retrieving a packet from the SMTP queue. Further, as these submodules are 
part of the antivirus scanner and there is no disclosure of a separate antivirus 
scanner, one skilled in the art would recognize that the submodules perform 
the scanning functions. 

Appellants' originally filed claims do not include a limitation reciting 
"wherein each of a plurality of protocol-specific modules process each 
reassembled datagram based on an upper protocol layer employed by the 
reassembled datagram." 

Facts relating to the rejections based upon Maker: 

Appellants' Specification does not define the term "passive 
screening." However, on page 3 of Appellants' originally filed 
Specification, "passive screening" is described as not causing an interruption 
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of an incoming data packet stream. This is compared with "active packet 
scanners" which interrupt the flow of the packet stream. We further note 
that Appellants' Specification discusses passive screening as not affecting 
message traffic through the network domain boundary. (Specification 10.) 

Maher teaches a processor that scans the entire content of a data 
packet as it transitions a network point. See Abstract. The processor is able 
to identify the contents of data packets transitioning the network. (Col. 5, 11. 
16-20.) The processor can then perform functions on the data packets to 
identify and filter out security problems (e.g. viruses, worms etc.) and also 
allow metering of network traffic. (Col. 5, 11. 27-36.) To perform these 
functions, the processor must reassemble the data packet fragments to form 
data packets. (Col. 6, 11. 1-7.) Network traffic flows through the processor, 
and as such, the processor must maintain high throughput speeds. (Col. 8, 1. 
60-Col. 9, 1. 5.) 

PRINCIPLES OF LAW 
The written description requirement serves "to ensure that the inventor 
had possession, as of the filing date of the application relied on, of the 
specific subject matter later claimed by him; how the specification 
accomplishes this is not material." In re Wertheim, 541 F.2d 257, 262, 191 
USPQ 90, 96 (CCPA 1976). In order to meet the written description 
requirement, the Appellant does not have to utilize any particular form of 
disclosure to describe the subject matter claimed, but "the description must 
clearly allow persons of ordinary skill in the art to recognize that [he or she] 
invented what is claimed." In re Gosteli, 872 F.2d 1008, 1012, 10 USPQ2d 
1614, 1618 (Fed. Cir. 1989). Put another way, "the applicant must . . . 
convey with reasonable clarity to those skilled in the art that, as of the filing 
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date sought, he or she was in possession of the invention^ Vas-Cath, Inc. v. 
Mahurkar, 935 F.2d 1555, 1563-64, 19 USPQ2d 1111,1117 (Fed, Cir. 
1991). Finally, "[p]recisely how close the original description must come to 
comply with the description requirement of § 112 must be determined on a 
case-by-case basis." Eiselstein v. Frank, 52 F.3d 1035, 1039, 34 USPQ2d 
1467, 1470 (Fed. Cir. 1995) (quoting Vas-Cath, 935 F.2d at 1562, 19 
USPQ2dat 1116). 

Office personnel must rely on Appellants' disclosure to properly 
determine the meaning of the terms used in the claims. Markman v. 
Westview Instruments, Inc., 52 F.3d 967, 980, 34 USPQ2d 1321, 1330 (Fed. 
Cir. 1995). "[IJnterpreting what is meant by a word in a claim Ms not to be 
confused with adding an extraneous limitation appearing in the specification, 
which is improper.'" In re Cruciferous Sprout Litigation, 301 F.3d 1343, 
1348, 64 USPQ2d 1202, 1205, (Fed. Cir. 2002) (emphasis in original) 
{cWinglntervetAm., Inc. v. Kee-Vet Labs., Inc., 887 F.2d 1050, 1053, 12 
USPQ2d 1474, 1476 (Fed-Cir.1989)). 

ANALYSIS 

Analysis related to rejection based 35 U.S.C. § 112, first paragraph: 

The first issue related to the Examiner's rejection under 35 U.S.C. 
§112, first paragraph, hinges on claim interpretation. As discussed supra. 
Appellants' originally filed Specification does not demonstrate that, at the 
time of filing. Appellants possessed a protocol-specific submodule retrieving 
a packet from a different protocol-specific queue. Claim 32 recites "wherein 
each of a plurality of protocol-specific modules process each reassembled 
datagram based on an upper protocol layer employed by the reassembled 
datagram." Independent claim 41 contains a similar limitation. We concur 
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with the Examiner's interpretation that these claims recite that each 
protocol-specific submodule retrieve each reassembled datagram. 
Appellants' proffered interpretation, in essence, reads out the second 
recitation of "each," Appellants' interpretation would be proper if the claim 
recited "wherein each of a plurality of protocol-specific modules process 
eaeh reassembled datagram based on an upper protocol layer employed by 
the reassembled datagram." We chose not to read limitations out of the 
claims. During prosecution. Appellants are free to amend the claims. Thus, 
we do not find that Appellants' originally filed Specification demonstrates 
that Appellants at the time of filing possessed the invention as claimed in 
independent claims 32 and 41. Claims 33 through 38, 40, 42 through 47 and 
49 through 54 are dependent upon either claims 32 and 41. Accordingly, we 
sustain the Examiner's rejection of claims 32 through 38, 40 through 47, and 
49 through 54 under 35 U.S.C. § 1 12, first paragraph, as failing to meet the 
written description requirement and the accompanying objection to the 
Specification. 

The second issue related to the Examiner's rejection under rejection 
under 35 U.S.C. § 1 12, first paragraph, only applies to claims 53 and 54 and 
hinges on our findings related Appellants' disclosure. Claims 53 and 54 
recite the protocol-specific submodules scanning the data packets. As 
discussed supra in the findings of fact, we find that one skilled in the art 
would recognize that the protocol-specific submodules are part of the 
antivirus scanner and as such the protocol-specific submodules perform the 
scanning functions. Thus, while we sustain the Examiner's rejection of 
claims 53 and 54 under 35 U.S.C. § 1 12, first paragraph, because they 
depend upon claim 32, we do not sustain the Examiner's rejection of claims 
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53 and 54 under 35 U.S.C. § 1 12, first paragraph, as it relates to the 

limitation of submodules scanning. 

Analysis relating to the rejections based upon Maker: 

The first issue related to the Examiner's rejection based upon Maher 
hinges on claim interpretation. The preamble of independent claim 1 recites 
"passive screening" and the body of the claim recites "a network interface 
passively monitoring a transient packet stream at a network boundary." 
Independent claim 16 recites similar limitations. As discussed supra. 
Appellants' Specification discusses "passive screening" as not causing an 
interruption of an incoming data packet stream. Thus, we consider the scope 
of claims 1 and 16 to be so limited. 

As discussed supra, Maher teaches a content processor which 
reassembles/reorders the monitored data so that a scan can be performed. 
Since Maher 's processor is in the data steam, this reassembling/reordering 
the data interrupts the data stream. Thus, we find that Maher' s device is 
actively screening the data stream, not passively screening as recited in 
claims 1 and 16. Thus, we do not find that Maher anticipates independent 
claims 1 and 16. Claims 2 through 10, 13, 14, 17 through 25, 28, 29, 31, and 
55 all depend upon either claim 1 or 16. Accordingly, we will not sustain 
the Examiner's rejection of claims 1 through 10, 13 through 14, 16 through 
25, 28, 29, 31, and 55 under 35 U.S.C. § 102(e). 

Similarly, the second issue related to the Examiner's rejection based 
upon Maher hinges on claim interpretation. Independent claims 32 and 41, 
recite "passive screening" in their preamble and the body of the claims recite 
"a network interface receiving copies of datagrams transiting a boundary of 
a network domain . . . each datagram being copied from a packet stream." It 
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is generally understood that when a copy of something is made it refers to 
creating a duplicate. This meaning of the term is supported by Appellants' 
Specification; see, for example, the discussion of duplicate packets and 
copies on pages 3 and 4. Thus, we find that the scope of claims 32 and 41 
include that passive screening (where the data stream is uninterrupted) is 
performed in part by making a copy (duplicate) of the packets in the data 
stream and placing the copy into an incoming packet queue. As discussed 
supra, we do not find that Maher teaches or suggests a passive screening 
system. We do not find that the Examiner has demonstrated that Maher 
teaches or suggests making a copy (duplicate) of the packets in the data 
stream. Further, the Examiner has not asserted, nor do we find that Stevens, 
the second reference relied upon to reject claims 32 and 41, teaches or 
suggests such features. Claims 33 through 35, 38, 42 through 44, 47, 50 and 
52 depend upon one of claims 32 or 41. Accordingly, we will not sustain the 
Examiner's rejection of claims 32 through 35, 38, 41 through 44, 47, and 50 
through 52 under 35 U.S.C. § 103(a) as being unpatentable over Maher in 
view of Stevens. 

We note that the Examiner has rejected dependent claims 15, 30, 36, 
37, 40, 45, 46, 49, 53, and 54 under 35 U.S.C. § 103(a) as being 
unpatentable over Maher in view of other teachings. These rejections build 
on the rejections of independent claims 1,16, 32, and 41. The Examiner has 
not asserted, nor do we find that these additional teachings make up for the 
noted deficiencies in the rejections of the independent claims. Accordingly, 
we will not sustain the Examiner's rejections of claims 15, 30, 36, 37, 40, 
45, 46, 49, 53, and 54 under 35 U.S.C. § 103(a). 
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CONCLUSION 

We affirm the Examiner's rejection of claims 32 through 38, 40 
through 47, and 49 through 54 under 35 U.S.C. § 1 12, first paragraph. We 
reverse the Examiner's rejection under 35 U.S.C. § 102(e) and all rejections 
under 35 U.S.C. § 103(a). The decision of the Examiner is affirmed-in-part. 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv) (2006). 

AFFIRMED-IN-PART 
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